Research On Threshold Encryption-based Level Access Control

With the rapid development of computer network technology,sharing of data resources has become an important research direction in the area of computer application.Access control ensures that the data resources are not illegal by limiting the ability and range of access which is from user to data."Level Access Control" means that users in the network are divided into a number of levels.High-level user can access both his own data and low-level data,while low-level user can not access high-level data.In this thesis,research status on threshold secret sharing and access control are introduced.Asmuth-Bloom threshold secret sharing scheme is analyzed.The policy and method of access control are discussed.According to secret sharing,a "level access control" model is presented.A two-level access control scheme based on CRT is proposed.In traditional access control schemes based on data encryption,system distributes only one key to each user,which makes each user can only decrypt the ciphertext encrypted by himself.In other word,"one key opens one lock".Level access control can not be realized.Our scheme constructs(2,4)and(4,6)thresholds based on CRT so that secret shares in(4,6)threshold can include shares in(2,4)threshold partly.One share in(2,4)threshold is viewed as the private key of low-level user and two shares in(4,6)threshold is regarded as the private key of high-level user.By using the same private key,high-level user can decrypt not only his own ciphertext,but also the ciphertext of low-level user,which means "One key opens two locks".However,low-level user fails to decrypt ciphertext of high-level user by his private key.Thus,"Level access control" can be achieved."Level access control" could be realized in traditional access control schemes only if high-level user could get a number of keys,which makes key management more complex.In our scheme,each user needs only one key(private key)to make " Level access control" come true,which can simplify the management of keys and improve the efficiency of data sharing.Furthermore,two-level access control scheme can be generalized to more levels,applying to large-scale access control under the "Cloud Computing" environment.Finally,A two-level access control system is designed and realized to prove the correctness and feasibility of our scheme.